Protection of natural persons with reference to personal data
During 2020, the adaptation, monitoring and implementation of the existing Group Privacy System was carried out for Iren S.p.A. and the main Group companies, in compliance with the regulatory principles of EU Regulation 679/16 (GDPR) and the national legislation in force (Legislative Decree 196/2003 and subsequent amendments, supplementary measures issued by the Privacy Guarantor, etc.).
The GDPR substantially changed the concept of privacy, with the objective of strengthening the rights of individuals to personal data protection. Among other things, it introduced the concepts of privacy by design and by default and of accountability, thus obliging companies to set up their privacy arrangements from the start and to adopt the best solutions in order to minimise personal data processing.
The project, developed from 2017 onwards, led to the identification of the 231 System Compliance and Privacy Manager as the Data Protection Officer (DPO) of Iren S.p.A., who was subsequently designated by the Data Controller (CEO of Iren S.p.A.). The latter then instructed the Data Controllers of the subsidiaries, in the context of the management and coordination of those companies, to appoint as DPO the same person chosen for the Parent Company.
Subsequently, all the Data Controllers of the main Group companies designated the Parent Company DPO as their DPO and made the relevant communication to the Supervisory Authority.
In 2020, activities to adapt and monitor the Group's Privacy System led, among other things, to the implementation of a special tool for managing the Group's Privacy System, the publication of procedures containing rules of conduct to be implemented by staff, the conduct of detailed training activities (both online in e-learning mode, aimed at the entire company population, and in live sessions, held remotely, on specific procedures), and constant support for business structures on all issues relating to the processing of personal data.
The Processing Registers provided for under art. 30 GDPR are also constantly updated. These documents, revised annually, are provided for in the legislation in order to give full knowledge of the existing processing, identifying, among other things, a number of elements of particular significance such as the data processed, retention periods, risk levels, etc.
Control of companies abroad
It is noted that the Company does not control companies established and regulated by the laws of non-EU countries. Furthermore, it is noted that Iren S.p.A. is not subject to management and coordination by another company.
Report on Corporate Governance and Ownership Structures and Report on the policy on the subject of remuneration and on fees paid
The Report on Corporate Governance and Ownership Structures and the Report on the policy on the subject of remuneration and on fees paid, approved by the Board of Directors and published within the legal deadline, include information not mentioned in the section "Information on Iren’s Corporate Governance" below, as envisaged in art. 123‐bis and art. 123‐ter of Italian Legislative Decree no. 58 of 24 February 1998, and subsequent amendments and additions.